From 3317029e041f02d32e3c9484481f4d0ac1af02994447a3541ba68ed00be56473 Mon Sep 17 00:00:00 2001 
From: Michael Vetter Date: Wed, 18 Aug 2021 14:25:29 +0000 Subject: [PATCH] Accepting request 912915 from home:jubalh:branches:Base:System - Update to 4.9: * Updated translations * Major salt updates * Various coverity and cleanup fixes * Consistently use 0 to disable PASS_MIN_DAYS in man * Implement NSS support for subids and a libsubid * setfcap: retain setfcap when mapping uid 0 * login.defs: include HMAC_CRYPTO_ALGO key * selinux fixes * Fix path prefix path handling * Manpage updates * Treat an empty passwd field as invalid(Haelwenn Monnier) * newxidmap: allow running under alternative gid * usermod: check that shell is executable * Add yescript support * useradd memleak fixes * useradd: use built-in settings by default * getdefs: add foreign * buffer overflow fixes * Adding run-parts style for pre and post useradd/del - Refresh: * shadow-login_defs-unused-by-pam.patch * userdel-script.patch * useradd-script.patch * chkname-regex.patch * useradd-default.patch: bbf4b79 stopped shipping default file. change group in code now. 
* shadow-login_defs-suse.patch * useradd-userkeleton.patch - Remove because upstreamed: OBS-URL: https://build.opensuse.org/request/show/912915 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=106 --- chkname-regex.patch | 12 +-- libsubid-build-fix.patch | 123 ++++++++++++++++++++++++++ shadow-4.1.5.1-logmsg.patch | 11 --- shadow-4.1.5.1-userdel-helpfix.patch | 14 --- shadow-4.8.1.tar.xz | 3 - shadow-4.8.1.tar.xz.asc | 11 --- shadow-4.9.tar.xz | 3 + shadow-4.9.tar.xz.asc | 11 +++ shadow-fix-sigabrt.patch | 14 +++ shadow-libeconf-include.patch | 17 ++++ shadow-login_defs-suse.patch | 26 +++--- shadow-login_defs-unused-by-pam.patch | 13 +-- shadow-passwd-handle-null.patch | 21 +++++ shadow-util-linux.patch | 8 +- shadow.changes | 47 ++++++++++ shadow.spec | 98 +++++++++++++------- useradd-default.patch | 22 +++-- useradd-script.patch | 30 ++++--- useradd-userkeleton.patch | 32 +++---- userdel-script.patch | 16 ++-- 20 files changed, 382 insertions(+), 150 deletions(-) create mode 100644 libsubid-build-fix.patch delete mode 100644 shadow-4.1.5.1-logmsg.patch delete mode 100644 shadow-4.1.5.1-userdel-helpfix.patch delete mode 100644 shadow-4.8.1.tar.xz delete mode 100644 shadow-4.8.1.tar.xz.asc create mode 100644 shadow-4.9.tar.xz create mode 100644 shadow-4.9.tar.xz.asc create mode 100644 shadow-fix-sigabrt.patch create mode 100644 shadow-libeconf-include.patch create mode 100644 shadow-passwd-handle-null.patch diff --git a/chkname-regex.patch b/chkname-regex.patch index 75e7272..1a985cb 100644 --- a/chkname-regex.patch +++ b/chkname-regex.patch 
@@ -2,23 +2,25 @@ Index: etc/login.defs =================================================================== --- etc/login.defs.orig +++ etc/login.defs -@@ -299,3 +299,11 @@ USERGROUPS_ENAB yes - # missing. +@@ -329,6 +329,13 @@ USERGROUPS_ENAB yes # #FORCE_SHADOW yes -+ -+# + +# User/group names must match the following regex expression. +# The default is [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\?, +# but be aware that the result could depend on the locale settings. +# +#CHARACTER_CLASS [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\? +CHARACTER_CLASS [ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_][ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.-]*[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.$-]\? ++ + # + # Allow newuidmap and newgidmap when running under an alternative + # primary group. Index: lib/getdef.c =================================================================== --- lib/getdef.c.orig +++ lib/getdef.c -@@ -80,6 +80,7 @@ struct itemdef { +@@ -91,6 +91,7 @@ struct itemdef { #define NUMDEFS (sizeof(def_table)/sizeof(def_table[0])) static struct itemdef def_table[] = { diff --git a/libsubid-build-fix.patch b/libsubid-build-fix.patch new file mode 100644 index 0000000..b982ef8 --- /dev/null +++ b/libsubid-build-fix.patch 
@@ -0,0 +1,123 @@ +Fix build fails for libsubid (libtool: error: cannot find name of link library for '../libsubid/libsubid.la'). +Consisting of following upstream commits: +* f4a84efb468b8be21be124700ce35159c444e9d6 +* 537b8cd90be7b47b45c45cfd27765ef85eb0ebf1 +* fa986b1d73605ecca54a4f19249227aeab827bf6 +Index: shadow-4.9/configure.ac +=================================================================== +--- shadow-4.9.orig/configure.ac ++++ shadow-4.9/configure.ac +@@ -321,6 +321,8 @@ if test "$with_sha_crypt" = "yes"; then + AC_DEFINE(USE_SHA_CRYPT, 1, [Define to allow the SHA256 and SHA512 password encryption algorithms]) + fi + ++AM_CONDITIONAL(ENABLE_SHARED, test "x$enable_shared" = "xyes") ++ + AM_CONDITIONAL(USE_BCRYPT, test "x$with_bcrypt" = "xyes") + if test "$with_bcrypt" = "yes"; then + AC_DEFINE(USE_BCRYPT, 1, [Define to allow the bcrypt password encryption algorithm]) +Index: shadow-4.9/lib/Makefile.am +=================================================================== +--- shadow-4.9.orig/lib/Makefile.am ++++ shadow-4.9/lib/Makefile.am +@@ -10,6 +10,8 @@ if HAVE_VENDORDIR + libshadow_la_CPPFLAGS += -DVENDORDIR=\"$(VENDORDIR)\" + endif + ++libshadow_la_CPPFLAGS += -I$(top_srcdir) ++ + libshadow_la_SOURCES = \ + commonio.c \ + commonio.h \ +Index: shadow-4.9/libmisc/Makefile.am +=================================================================== +--- shadow-4.9.orig/libmisc/Makefile.am ++++ shadow-4.9/libmisc/Makefile.am +@@ -1,7 +1,7 @@ + + EXTRA_DIST = .indent.pro xgetXXbyYY.c + +-AM_CPPFLAGS = -I$(top_srcdir)/lib $(ECONF_CPPFLAGS) ++AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir) $(ECONF_CPPFLAGS) + + noinst_LTLIBRARIES = libmisc.la + +Index: shadow-4.9/libsubid/Makefile.am +=================================================================== +--- shadow-4.9.orig/libsubid/Makefile.am ++++ shadow-4.9/libsubid/Makefile.am +@@ -1,6 +1,8 @@ + lib_LTLIBRARIES = libsubid.la ++if ENABLE_SHARED + libsubid_la_LDFLAGS = -Wl,-soname,libsubid.so.@LIBSUBID_ABI@ 
\ + -shared -version-info @LIBSUBID_ABI_MAJOR@ ++endif + libsubid_la_SOURCES = api.c + + pkginclude_HEADERS = subid.h +@@ -16,11 +18,12 @@ MISCLIBS = \ + $(LIBCRYPT) \ + $(LIBACL) \ + $(LIBATTR) \ +- $(LIBTCB) ++ $(LIBTCB) \ ++ $(LIBPAM) + + libsubid_la_LIBADD = \ +- $(top_srcdir)/lib/libshadow.la \ +- $(top_srcdir)/libmisc/libmisc.la \ ++ $(top_builddir)/lib/libshadow.la \ ++ $(top_builddir)/libmisc/libmisc.la \ + $(MISCLIBS) -ldl + + AM_CPPFLAGS = \ +Index: shadow-4.9/src/Makefile.am +=================================================================== +--- shadow-4.9.orig/src/Makefile.am ++++ shadow-4.9/src/Makefile.am +@@ -10,6 +10,7 @@ sgidperms = 2755 + AM_CPPFLAGS = \ + -I${top_srcdir}/lib \ + -I$(top_srcdir)/libmisc \ ++ -I$(top_srcdir) \ + -DLOCALEDIR=\"$(datadir)/locale\" + + # XXX why are login and su in /bin anyway (other than for +@@ -183,6 +184,7 @@ list_subid_ranges_LDADD = \ + list_subid_ranges_CPPFLAGS = \ + -I$(top_srcdir)/lib \ + -I$(top_srcdir)/libmisc \ ++ -I$(top_srcdir) \ + -I$(top_srcdir)/libsubid + + get_subid_owners_LDADD = \ +@@ -194,11 +196,13 @@ get_subid_owners_LDADD = \ + get_subid_owners_CPPFLAGS = \ + -I$(top_srcdir)/lib \ + -I$(top_srcdir)/libmisc \ ++ -I$(top_srcdir) \ + -I$(top_srcdir)/libsubid + + new_subid_range_CPPFLAGS = \ + -I$(top_srcdir)/lib \ + -I$(top_srcdir)/libmisc \ ++ -I$(top_srcdir) \ + -I$(top_srcdir)/libsubid + + new_subid_range_LDADD = \ +@@ -210,6 +214,7 @@ new_subid_range_LDADD = \ + free_subid_range_CPPFLAGS = \ + -I$(top_srcdir)/lib \ + -I$(top_srcdir)/libmisc \ ++ -I$(top_srcdir) \ + -I$(top_srcdir)/libsubid + + free_subid_range_LDADD = \ +@@ -220,6 +225,7 @@ free_subid_range_LDADD = \ + + check_subid_range_CPPFLAGS = \ + -I$(top_srcdir)/lib \ ++ -I$(top_srcdir) \ + -I$(top_srcdir)/libmisc + + check_subid_range_LDADD = \ diff --git a/shadow-4.1.5.1-logmsg.patch b/shadow-4.1.5.1-logmsg.patch deleted file mode 100644 index e4c9b21..0000000 --- a/shadow-4.1.5.1-logmsg.patch +++ /dev/null 
@@ -1,11 +0,0 @@ ---- src/useradd.c -+++ src/useradd.c -@@ -320,7 +320,7 @@ static void fail_exit (int code) - user_name, AUDIT_NO_ID, - SHADOW_AUDIT_FAILURE); - #endif -- SYSLOG ((LOG_INFO, "failed adding user '%s', data deleted", user_name)); -+ SYSLOG ((LOG_INFO, "failed adding user '%s', exit code: %d", user_name, code)); - exit (code); - } - diff --git a/shadow-4.1.5.1-userdel-helpfix.patch b/shadow-4.1.5.1-userdel-helpfix.patch deleted file mode 100644 index 324f12f..0000000 --- a/shadow-4.1.5.1-userdel-helpfix.patch +++ /dev/null @@ -1,14 +0,0 @@ ---- src/userdel.c -+++ src/userdel.c -@@ -143,8 +143,9 @@ static void usage (int status) - "\n" - "Options:\n"), - Prog); -- (void) fputs (_(" -f, --force force removal of files,\n" -- " even if not owned by user\n"), -+ (void) fputs (_(" -f, --force force some actions that would fail otherwise\n" -+ " e.g. removal of user still logged in\n" -+ " or files, even if not owned by the user\n"), - usageout); - (void) fputs (_(" -h, --help display this help message and exit\n"), usageout); - (void) fputs (_(" -r, --remove remove home directory and mail spool\n"), usageout); diff --git a/shadow-4.8.1.tar.xz b/shadow-4.8.1.tar.xz deleted file mode 100644 index 38e5d7c..0000000 --- a/shadow-4.8.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a3ad4630bdc41372f02a647278a8c3514844295d36eefe68ece6c3a641c1ae62 -size 1611196 diff --git a/shadow-4.8.1.tar.xz.asc b/shadow-4.8.1.tar.xz.asc deleted file mode 100644 index d4ad9e7..0000000 --- a/shadow-4.8.1.tar.xz.asc +++ /dev/null 
@@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCgAdFiEE8dCNt3gYW/eEAC3/6f7qBqheP50FAl4qDlEACgkQ6f7qBqhe -P51Lfwf/b2gxtqo9WRUTOhau4kCy+zDbg3S/K7ZD/20I2t205FNCOyV+cR4Q/PRA -+hBLFsA/WAVqZm0/3re09VDV0eaBpI7hgNF0JFODawIixKdLVff9mbfbLdgzy2Dl -IvbNrUVDJV1wSlEJLIeUpUT4ClFaiExM/XaCvHSUUbRsJ5cutH2wt0neNC8mJHMu -srXoCp8lb4fT+BDgRKoGA6RMvnJSkExBbhrRqaARWWCGnS++5oJiD7UwPAOu9Imb -LtouVitkrjrpQncnQN+zCaKwyTGw/xlQyl0z86DXWbvhnTwUeeWZbyfRAglIsSkk -DRpWh2m7ejcvf1pGt66UBuMNr0yb1w== -=8I3q ------END PGP SIGNATURE----- diff --git a/shadow-4.9.tar.xz b/shadow-4.9.tar.xz new file mode 100644 index 0000000..8b82f8f --- /dev/null +++ b/shadow-4.9.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:feec1f2ce9c1b62798afd35a7d1b04cefdfa3a0a30ff3e75d6965ba8978c9144 +size 1627008 diff --git a/shadow-4.9.tar.xz.asc b/shadow-4.9.tar.xz.asc new file mode 100644 index 0000000..0f99f47 --- /dev/null +++ b/shadow-4.9.tar.xz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCgAdFiEE8dCNt3gYW/eEAC3/6f7qBqheP50FAmD5+dkACgkQ6f7qBqhe +P53Qywf/ShkcKvecTDRIrKUNJUTIlP8iywZ1NXypfdDKG/J63awMAGrKMZwOkLUS +AnImsvyoW3+XDIhdkeJd1Kv+8JDEt3oJ0ifHjfpXl4FzOervb1ZKtRPUcoJzzpnJ +Szt/7f3Sd0VfbItgf5F6jgMi7iDA/ZIqJTXeI0kEfVVL7DT681jVRjpnoURlrEq1 +6SmIyAul50VmZjLXq1xJ35uktr7VclnaRu17acax95e+oekP4sdNMaV5E5DSeq2N +db7kKCu80+lPvtQpj22vOO2w15ActH6f5Ec3P7OG8jL125q3yZNebVoh8FKxmFsh +PssfXu0TL50qH/p7qNEeihDLpwoI7g== +=6MLu +-----END PGP SIGNATURE----- diff --git a/shadow-fix-sigabrt.patch b/shadow-fix-sigabrt.patch new file mode 100644 index 0000000..aa82aae --- /dev/null +++ b/shadow-fix-sigabrt.patch 
@@ -0,0 +1,14 @@
+Upstream commit 4624e9fca1b02b64e25e8b2280a0186182ab73ba
+To fix SIGABRT: https://github.com/shadow-maint/shadow/issues/394
+Index: shadow-4.9/src/useradd.c
+===================================================================
+--- shadow-4.9.orig/src/useradd.c
++++ shadow-4.9/src/useradd.c
+@@ -420,7 +420,6 @@ static void get_defaults (void)
+ } else {
+ def_group = grp->gr_gid;
+ def_gname = xstrdup (grp->gr_name);
+- gr_free(grp);
+ }
+ }
+
diff --git a/shadow-libeconf-include.patch b/shadow-libeconf-include.patch
new file mode 100644
index 0000000..c1f616e
--- /dev/null
+++ b/shadow-libeconf-include.patch
@@ -0,0 +1,17 @@
+Include libeconf to newuidmap and newgidmap
+Upstream commit: c6847011e8b656adacd9a0d2a78418cad0de34cb
+Index: shadow-4.9/src/Makefile.am
+===================================================================
+--- shadow-4.9.orig/src/Makefile.am
++++ shadow-4.9/src/Makefile.am
+@@ -96,8 +96,8 @@ LIBCRYPT_NOPAM = $(LIBCRYPT)
+ endif
+
+ chage_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
+-newuidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) -ldl
+-newgidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) -ldl
++newuidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -ldl
++newgidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -ldl
+ chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
+ chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
+ chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
diff --git a/shadow-login_defs-suse.patch b/shadow-login_defs-suse.patch
index 13ed873..2aa15bf 100644
--- a/shadow-login_defs-suse.patch
+++ b/shadow-login_defs-suse.patch
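Review bot: In shadow-fix-sigabrt.patch the `gr_free(grp);` call is dropped from the `else` branch of get_defaults() with no comment recording who owns `grp`, so a later reader cannot tell a deliberate fix from a forgotten free. The hunk does not show how `grp` is obtained; if some lookup paths return a heap copy and others return storage owned by the lookup, removing the free trades the abort for a small one-time leak. That trade is probably acceptable in a short-lived tool, but it should be written down. I would add above the two assignments `/* grp may point at storage owned by the lookup; do not gr_free() it here (upstream issue 394) */`. get_defaults() starts and ends outside the hunk.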
@@ -14,7 +14,7 @@ Index: etc/login.defs # # Delay in seconds before being allowed another attempt after a login failure -@@ -62,8 +65,8 @@ CONSOLE /etc/securetty +@@ -52,8 +55,8 @@ CONSOLE /etc/securetty # If defined, ":" delimited list of "message of the day" files to # be displayed upon login. # @@ -25,7 +25,7 @@ Index: etc/login.defs # # If set to "yes", login stops display content specified by MOTD_FILE after -@@ -83,8 +85,8 @@ MOTD_FILE /etc/motd +@@ -73,8 +76,8 @@ MOTD_FILE /etc/motd # user's name or shell are found in the file. If not a full pathname, then # hushed mode will be enabled if the file exists in the user's home directory. # @@ -36,7 +36,7 @@ Index: etc/login.defs # If this variable is set to "yes", hostname will be suppressed in the # login: prompt. -@@ -103,9 +105,9 @@ HUSHLOGIN_FILE .hushlogin +@@ -93,9 +96,9 @@ HUSHLOGIN_FILE .hushlogin # ENV_SUPATH is an ENV_ROOTPATH override for su and runuser # (and falback for login). # @@ -49,7 +49,7 @@ Index: etc/login.defs # If this variable is set to "yes" (default is "no"), su will always set # path. every su call will overwrite the PATH variable. -@@ -115,7 +117,7 @@ ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/b +@@ -105,7 +108,7 @@ ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/b # The recommended value is "yes". The default "no" behavior could have # a security implication in applications that use commands without path. # @@ -58,7 +58,7 @@ Index: etc/login.defs # # Terminal permissions -@@ -129,7 +131,7 @@ ALWAYS_SET_PATH no +@@ -119,7 +122,7 @@ ALWAYS_SET_PATH no # set TTYPERM to either 622 or 600. # TTYGROUP tty @@ -67,7 +67,7 @@ Index: etc/login.defs # Default initial "umask" value used by login(1) on non-PAM enabled systems. # Default "umask" value for pam_umask(8) on PAM enabled systems. -@@ -167,8 +169,8 @@ PASS_WARN_AGE 7 +@@ -157,8 +160,8 @@ PASS_WARN_AGE 7 UID_MIN 1000 UID_MAX 60000 # System accounts 
@@ -78,7 +78,7 @@ Index: etc/login.defs # Extra per user uids SUB_UID_MIN 100000 SUB_UID_MAX 600100000 -@@ -185,8 +187,8 @@ SUB_UID_COUNT 65536 +@@ -175,8 +178,8 @@ SUB_UID_COUNT 65536 GID_MIN 1000 GID_MAX 60000 # System accounts @@ -89,7 +89,7 @@ Index: etc/login.defs # Extra per user group ids SUB_GID_MIN 100000 SUB_GID_MAX 600100000 -@@ -195,7 +197,7 @@ SUB_GID_COUNT 65536 +@@ -185,7 +188,7 @@ SUB_GID_COUNT 65536 # # Max number of login(1) retries if password is bad # @@ -98,7 +98,7 @@ Index: etc/login.defs # # Max time in seconds for login(1) -@@ -211,18 +213,9 @@ LOGIN_TIMEOUT 60 +@@ -201,18 +204,9 @@ LOGIN_TIMEOUT 60 CHFN_RESTRICT rwh # @@ -119,7 +119,7 @@ Index: etc/login.defs # # If set to MD5, MD5-based algorithm will be used for encrypting password -@@ -235,7 +228,7 @@ CHFN_RESTRICT rwh +@@ -227,7 +221,7 @@ CHFN_RESTRICT rwh # Note: If you use PAM, it is recommended to use a value consistent with # the PAM modules configuration. # @@ -128,7 +128,7 @@ Index: etc/login.defs # # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512. -@@ -311,7 +304,7 @@ USERDEL_POSTCMD /usr/sbin/userde +@@ -325,7 +319,7 @@ USERDEL_POSTCMD /usr/sbin/userde # # This also enables userdel(8) to remove user groups if no members exist. # @@ -137,7 +137,7 @@ Index: etc/login.defs # # If set to a non-zero number, the shadow utilities will make sure that -@@ -330,13 +323,13 @@ USERGROUPS_ENAB yes +@@ -344,13 +338,13 @@ USERGROUPS_ENAB yes # This option is overridden with the -M or -m flags on the useradd(8) # command-line. # @@ -151,5 +151,5 @@ Index: etc/login.defs -#FORCE_SHADOW yes +FORCE_SHADOW no - # # User/group names must match the following regex expression. + # The default is [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\?, diff --git a/shadow-login_defs-unused-by-pam.patch b/shadow-login_defs-unused-by-pam.patch index 948f797..1c4dbd9 100644 --- a/shadow-login_defs-unused-by-pam.patch +++ b/shadow-login_defs-unused-by-pam.patch 
@@ -149,7 +149,7 @@ Index: etc/login.defs # Default initial "umask" value used by login(1) on non-PAM enabled systems. # Default "umask" value for pam_umask(8) on PAM enabled systems. -@@ -206,28 +120,13 @@ UMASK 022 +@@ -211,28 +125,13 @@ UMASK 022 # # PASS_MAX_DAYS Maximum number of days a password may be used. # PASS_MIN_DAYS Minimum number of days allowed between password changes. @@ -178,7 +178,7 @@ Index: etc/login.defs # Min/max values for automatic uid selection in useradd(8) # UID_MIN 1000 -@@ -264,28 +163,6 @@ LOGIN_RETRIES 5 +@@ -269,28 +168,6 @@ LOGIN_RETRIES 5 LOGIN_TIMEOUT 60 # @@ -207,7 +207,7 @@ Index: etc/login.defs # Which fields may be changed by regular users using chfn(1) - use # any combination of letters "frwh" (full name, room number, work # phone, home phone). If not defined, no changes are allowed. -@@ -294,13 +171,6 @@ CHFN_AUTH yes +@@ -299,13 +176,6 @@ CHFN_AUTH yes CHFN_RESTRICT rwh # @@ -221,8 +221,8 @@ Index: etc/login.defs # Only works if compiled with MD5_CRYPT defined: # If set to "yes", new passwords will be encrypted using the MD5-based # algorithm compatible with the one used by recent releases of FreeBSD. -@@ -361,29 +231,12 @@ CHFN_RESTRICT rwh - #BCRYPT_MAX_ROUNDS 13 +@@ -382,17 +252,6 @@ CHFN_RESTRICT rwh + #YESCRYPT_COST_FACTOR 5 # -# List of groups to add to the user's supplementary group set @@ -239,7 +239,8 @@ Index: etc/login.defs # Should login be allowed if we can't cd to the home directory? # Default is no. # - DEFAULT_HOME yes +@@ -407,12 +266,6 @@ DEFAULT_HOME yes + NONEXISTENT /nonexistent # -# If this file exists and is readable, login environment will be diff --git a/shadow-passwd-handle-null.patch b/shadow-passwd-handle-null.patch new file mode 100644 index 0000000..cdc1369 --- /dev/null +++ b/shadow-passwd-handle-null.patch 
@@ -0,0 +1,21 @@
+Upstream commit: adb83f779618674e5e96e27e3d48559d62e2c410
+To fix: https://github.com/shadow-maint/shadow/pull/398
+Index: shadow-4.9/src/passwd.c
+===================================================================
+--- shadow-4.9.orig/src/passwd.c
++++ shadow-4.9/src/passwd.c
+@@ -490,9 +490,12 @@ static void print_status (const struct p
+ ((long long)sp->sp_max * SCALE) / DAY,
+ ((long long)sp->sp_warn * SCALE) / DAY,
+ ((long long)sp->sp_inact * SCALE) / DAY);
+- } else {
++ } else if (NULL != pw->pw_passwd) {
+ (void) printf ("%s %s\n",
+- pw->pw_name, pw_status (pw->pw_passwd));
++ pw->pw_name, pw_status (pw->pw_passwd));
++ } else {
++ (void) fprintf(stderr, _("%s: malformed password data obtained for user %s\n"),
++ Prog, pw->pw_name);
+ }
+ }
+
diff --git a/shadow-util-linux.patch b/shadow-util-linux.patch
index 237f758..b885e5c 100644
--- a/shadow-util-linux.patch
+++ b/shadow-util-linux.patch
@@ -113,7 +113,7 @@ Index: lib/getdef.c =================================================================== --- lib/getdef.c.orig +++ lib/getdef.c -@@ -66,6 +66,7 @@ struct itemdef { +@@ -67,6 +67,7 @@ struct itemdef { {"LOGIN_STRING", NULL}, \ {"MAIL_CHECK_ENAB", NULL}, \ {"MOTD_FILE", NULL}, \
@@ -121,7 +121,7 @@ Index: lib/getdef.c {"NOLOGINS_FILE", NULL}, \ {"OBSCURE_CHECKS_ENAB", NULL}, \ {"PASS_ALWAYS_WARN", NULL}, \ -@@ -80,6 +81,7 @@ struct itemdef { +@@ -91,6 +92,7 @@ struct itemdef { #define NUMDEFS (sizeof(def_table)/sizeof(def_table[0])) static struct itemdef def_table[] = {
@@ -129,7 +129,7 @@ Index: lib/getdef.c {"CHARACTER_CLASS", NULL}, {"CHFN_RESTRICT", NULL}, {"CONSOLE_GROUPS", NULL}, -@@ -88,6 +90,7 @@ static struct itemdef def_table[] = { +@@ -99,6 +101,7 @@ static struct itemdef def_table[] = { {"DEFAULT_HOME", NULL}, {"ENCRYPT_METHOD", NULL}, {"ENV_PATH", NULL},
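Review bot: In shadow-passwd-handle-null.patch the new final `else` branch of print_status() only writes the "malformed password data" message to stderr. The function is `void`, so as far as the hunk shows the caller cannot tell that no status line was printed and may still exit successfully. Status output is commonly consumed by scripts and audits, so a record with a NULL `pw_passwd` should surface as a failure: log it, for example `SYSLOG ((LOG_ERR, "malformed password data for user %s", pw->pw_name));`, and let the caller return a non-zero exit status. Whether the shadow-entry branch above applies the same NULL guard to its own password field is not visible, because print_status() begins outside the hunk.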
@@ -137,7 +137,7 @@ Index: lib/getdef.c {"ENV_SUPATH", NULL}, {"ERASECHAR", NULL}, {"FAIL_DELAY", NULL}, -@@ -99,6 +102,7 @@ static struct itemdef def_table[] = { +@@ -110,6 +113,7 @@ static struct itemdef def_table[] = { {"KILLCHAR", NULL}, {"LASTLOG_UID_MAX", NULL}, {"LOGIN_RETRIES", NULL}, diff --git a/shadow.changes b/shadow.changes index aa085fd..8974276 100644 --- a/shadow.changes +++ b/shadow.changes 
@@ -1,3 +1,50 @@ +------------------------------------------------------------------- +Tue Aug 17 15:08:09 UTC 2021 - Michael Vetter + +- Update to 4.9: + * Updated translations + * Major salt updates + * Various coverity and cleanup fixes + * Consistently use 0 to disable PASS_MIN_DAYS in man + * Implement NSS support for subids and a libsubid + * setfcap: retain setfcap when mapping uid 0 + * login.defs: include HMAC_CRYPTO_ALGO key + * selinux fixes + * Fix path prefix path handling + * Manpage updates + * Treat an empty passwd field as invalid(Haelwenn Monnier) + * newxidmap: allow running under alternative gid + * usermod: check that shell is executable + * Add yescript support + * useradd memleak fixes + * useradd: use built-in settings by default + * getdefs: add foreign + * buffer overflow fixes + * Adding run-parts style for pre and post useradd/del +- Refresh: + * shadow-login_defs-unused-by-pam.patch + * userdel-script.patch + * useradd-script.patch + * chkname-regex.patch + * useradd-default.patch: bbf4b79 stopped shipping default file. + change group in code now. + * shadow-login_defs-suse.patch + * useradd-userkeleton.patch +- Remove because upstreamed: + * shadow-4.1.5.1-userdel-helpfix.patch + * shadow-4.1.5.1-logmsg.patch +- Add libsubid-build-fix.patch: + See https://github.com/shadow-maint/shadow/issues/387 +- Add shadow-libeconf-include.patch: + See c6847011e8b656adacd9a0d2a78418cad0de34cb +- Add shadow-fix-sigabrt.patch: + See https://github.com/shadow-maint/shadow/issues/394 +- Add shadow-passwd-handle-null.patch: + See https://github.com/shadow-maint/shadow/pull/398 +- Remove %{_sysconfdir}/default/useradd: file not shipped anymore +- Remove --disable-shared: Dont need it anymore + See https://github.com/shadow-maint/shadow/issues/336 + ------------------------------------------------------------------- Thu Jul 1 11:51:39 UTC 2021 - Thorsten Kukuk diff --git a/shadow.spec b/shadow.spec index 7786747..b7c8f00 100644 --- a/shadow.spec 
+++ b/shadow.spec @@ -21,15 +21,14 @@ %else %define no_config 1 %endif - Name: shadow -Version: 4.8.1 +Version: 4.9 Release: 0 Summary: Utilities to Manage User and Group Accounts License: BSD-3-Clause AND GPL-2.0-or-later Group: System/Base URL: https://github.com/shadow-maint/shadow -Source: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz +Source: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz Source1: pamd.tar.bz2 Source2: README.changes-pwdutils Source3: useradd.local @@ -37,7 +36,7 @@ Source4: userdel-pre.local Source5: userdel-post.local Source6: shadow.service Source7: shadow.timer -Source42: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz.asc +Source42: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz.asc Source43: %{name}.keyring # SOURCE-FEATURE-SUSE shadow-login_defs-check.sh sbrabec@suse.com -- Supplementary script that verifies coverage of variables in shadow-login_defs-unused-by-pam.patch and other patches. Source44: shadow-login_defs-check.sh 
@@ -53,40 +52,44 @@ Patch3: chkname-regex.patch Patch4: useradd-default.patch # PATCH-FEATURE-SUSE shadow-util-linux.patch sbrabec@suse.com -- Add support for util-linux specific variables, delete shadow login, su runuser specific. Patch5: shadow-util-linux.patch -# PATCH-FEATURE-FEDORA shadow-4.1.5.1-userdel-helpfix.patch christian.brauner@mailbox.org -- Give a hint about what happens when you force the removal of a user. -Patch6: shadow-4.1.5.1-userdel-helpfix.patch -# PATCH-FIX-FEDORA shadow-4.1.5.1-logmsg.patch kukuk@suse.com -- Fix error message. -Patch7: shadow-4.1.5.1-logmsg.patch # PATCH-FEATURE-SUSE shadow-login_defs-comments.patch kukuk@suse.com -- Adjust login.defs comments. -Patch13: shadow-login_defs-comments.patch +Patch6: shadow-login_defs-comments.patch # PATCH-FEATURE-SUSE shadow-login_defs-suse.patch kukuk@suse.com -- Customize login.defs. -Patch14: shadow-login_defs-suse.patch +Patch7: shadow-login_defs-suse.patch # PATCH-FEATURE-SUSE Copy also skeleton files from /usr/etc/skel (boo#1173321) -Patch15: useradd-userkeleton.patch +Patch8: useradd-userkeleton.patch # PATCH-FIX-SUSE disable_new_audit_function.patch adam.majer@suse.de -- Disable newer libaudit functionality for older distributions. 
-Patch20: disable_new_audit_function.patch +Patch9: disable_new_audit_function.patch +# PATCH-FIX-UPSTREAM libsubid-build-fix.patch mvetter@suse.de -- Fix build with libsubid (f4a84e, 537b8c, fa986b) +Patch10: libsubid-build-fix.patch +# PATCH-FIX-UPSTREAM shadow-libeconf-include.patch mvetter@suse.de -- Include libeconf to new*idmap (c68470) +Patch11: shadow-libeconf-include.patch +# PATCH-FIX-UPSTREAM shadow-fix-sigabrt.patch mvetter@suse.de -- Fix SIGABRT https://github.com/shadow-maint/shadow/issues/394 +Patch12: shadow-fix-sigabrt.patch +# PATCH-FIX-UPSTREAM shadow-passwd-handle-null.patch mvetter@suse.de -- Fix passwd NULL handling https://github.com/shadow-maint/shadow/pull/398 +Patch13: shadow-passwd-handle-null.patch BuildRequires: audit-devel > 2.3 BuildRequires: autoconf BuildRequires: automake BuildRequires: libacl-devel BuildRequires: libattr-devel -# It should be %%if %%{defined no_config}, but OBS cannot handle it: -%if 0%{?suse_version} >= 1550 -BuildRequires: libeconf-devel -%endif BuildRequires: libselinux-devel BuildRequires: libsemanage-devel BuildRequires: libtool BuildRequires: pam-devel BuildRequires: xz +Requires: login_defs >= %{version} Requires(pre): group(root) Requires(pre): group(shadow) Requires(pre): permissions Requires(pre): user(root) Provides: pwdutils = 3.2.20 Obsoletes: pwdutils <= 3.2.19 -Requires: login_defs >= %{version} Provides: useradd_or_adduser_dep +# It should be %%if %%{defined no_config}, but OBS cannot handle it: +%if 0%{?suse_version} >= 1550 +BuildRequires: libeconf-devel +%endif %description This package includes the necessary programs for converting plain 
@@ -94,21 +97,35 @@ password files to the shadow password format and to manage user and group accounts. %package -n login_defs -Summary: login.defs configuration file -Group: System/Base -BuildArch: noarch +Summary: The login.defs configuration file # Virtual provides for supported variables in login.defs. # It prevents references to unknown variables. # Upgrade them only if shadow-util-linux.patch or # encryption_method_nis.patch has to be ported! # Call shadow-login_defs-check.sh before! +Group: System/Base Provides: login_defs-support-for-pam = 1.3.1 Provides: login_defs-support-for-util-linux = 2.36 +BuildArch: noarch %description -n login_defs This package contains the default login.defs configuration file as used by util-linux, pam and shadow. +%package -n libsubid3 +Summary: A library to manage subordinate uid and gid ranges +Group: System/Base + +%description -n libsubid3 +Utility library that provides a way to manage subid ranges. + +%package -n libsubid-devel +Summary: Development files for libsubid3 +Group: System/Base + +%description -n libsubid-devel +Development files for libsubid3. + %prep %setup -q -a 1 %patch0 @@ -119,12 +136,14 @@ as used by util-linux, pam and shadow. %patch5 %patch6 %patch7 -%patch13 -%patch14 -%patch15 +%patch8 %if 0%{?suse_version} < 1330 -%patch20 -p1 +%patch9 -p1 %endif +%patch10 -p1 +%patch11 -p1 +%patch12 -p1 +%patch13 -p1 iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 mv -v doc/HOWTO.utf8 doc/HOWTO 
@@ -145,14 +164,16 @@ autoreconf -fvi --with-nscd \ --with-selinux \ --without-libcrack \ - --disable-shared \ --with-group-name-max-length=32 \ --enable-vendordir=%{_distconfdir} -make %{?_smp_mflags} V=1 +%make_build +# --disable-shared \ currently doesn't build with this. See https://github.com/shadow-maint/shadow/issues/336 %install cp %{SOURCE2} . %make_install gnulocaledir=%{buildroot}/%{_datadir}/locale MKINSTALLDIRS=`pwd`/mkinstalldirs +# Separate call to install man pages. See https://github.com/shadow-maint/shadow/issues/389 +%make_install -C man install-man # install useradd.local, userdel.local, ... install -m 0755 %{SOURCE3} %{buildroot}/%{_sbindir}/ @@ -221,6 +242,8 @@ rm %{buildroot}/%{_mandir}/*/man5/passwd.5* rm -rf %{buildroot}%{_mandir}/{??,??_??} +rm %{buildroot}/%{_libdir}/libsubid.la + # Move /etc to /usr/etc if [ ! -d %{buildroot}%{_distconfdir} ]; then mkdir -p %{buildroot}%{_distconfdir} @@ -233,11 +256,11 @@ fi %pre %service_add_pre shadow.service shadow.timer for i in pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do - test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i}.rpmsave.old ||: + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||: done %pre -n login_defs -test -f /etc/login.defs.rpmsave && mv -v /etc/login.defs.rpmsave /etc/login.defs.rpmsave.old ||: +test -f %{_sysconfdir}/login.defs.rpmsave && mv -v %{_sysconfdir}/login.defs.rpmsave %{_sysconfdir}/login.defs.rpmsave.old ||: %post %set_permissions %{_bindir}/chage 
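Review bot: The comment added after `%make_build`, `# --disable-shared \ currently doesn't build with this`, contradicts the shadow.changes entry in this same commit, which says the flag is removed because it is no longer needed. One of the two rationales should be corrected. Dropping the flag is presumably what lets the build produce the shared libsubid that the new libsubid3 package ships, so the real reason matters to whoever revisits static linking of these tools later. I would reword it to `# --disable-shared dropped: build fails with it, see https://github.com/shadow-maint/shadow/issues/336` and move it above the configure options instead of after the build step. The configure invocation begins outside the hunk.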
@@ -273,7 +296,7 @@ test -f /etc/login.defs.rpmsave && mv -v /etc/login.defs.rpmsave /etc/login.defs %if %{defined no_config} # Migration to /usr/etc for i in pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do - test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i} ||: + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||: done %endif @@ -281,12 +304,14 @@ done # rpmsave file can be created by # - change of owning package (SLE15 SP2->SP3, Leap 15.2->15.3) # - Migration to /usr/etc (after SLE15 and Leap 15) -test -f /etc/login.defs.rpmsave && mv -v /etc/login.defs.rpmsave /etc/login.defs ||: +test -f %{_sysconfdir}/login.defs.rpmsave && mv -v %{_sysconfdir}/login.defs.rpmsave %{_sysconfdir}/login.defs ||: + +%post -n libsubid3 -p /sbin/ldconfig +%postun -n libsubid3 -p /sbin/ldconfig %files -f shadow.lang %license COPYING %doc NEWS doc/HOWTO README README.changes-pwdutils -%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/default/useradd %verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subuid %verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subgid %if %{defined no_config} @@ -308,7 +333,6 @@ test -f /etc/login.defs.rpmsave && mv -v /etc/login.defs.rpmsave /etc/login.defs %config %{_sysconfdir}/pam.d/chfn %config %{_sysconfdir}/pam.d/chsh %config %{_sysconfdir}/pam.d/passwd -%config %{_sysconfdir}/pam.d/useradd %config %{_sysconfdir}/pam.d/chpasswd %config %{_sysconfdir}/pam.d/groupadd %config %{_sysconfdir}/pam.d/groupdel 
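Review bot: The `%files` hunk at -308 drops `%config %{_sysconfdir}/pam.d/useradd`, yet the `%pre` and `%post` loops in this spec still handle `pam.d/useradd.rpmsave`, and the changelog does not mention the removal. If the deleted line was a duplicate listing, the change is harmless. If it was the only listing, the useradd PAM policy file would either fail the build as unpackaged or stop being tracked as `%config`, which is worth confirming before release. A changelog line such as `- Remove duplicate pam.d/useradd entry from the file list` would settle the question. The rest of the `%files` list lies outside the hunk.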
@@ -380,11 +404,19 @@ test -f /etc/login.defs.rpmsave && mv -v /etc/login.defs.rpmsave /etc/login.defs %files -n login_defs %if %{defined no_config} -%dir /etc/login.defs.d +%dir %{_sysconfdir}/login.defs.d %attr(0644,root,root) %{_distconfdir}/login.defs %else %attr(0644,root,root) %config %{_sysconfdir}/login.defs %endif %{_mandir}/man5/login.defs.5%{?ext_man} +%files -n libsubid3 +%{_libdir}/libsubid.so.* + +%files -n libsubid-devel +%dir %{_includedir}/shadow +%{_includedir}/shadow/subid.h +%{_libdir}/libsubid.so + %changelog diff --git a/useradd-default.patch b/useradd-default.patch index f0f94a1..ed8e29e 100644 --- a/useradd-default.patch +++ b/useradd-default.patch @@ -1,9 +1,13 @@ ---- etc/useradd -+++ etc/useradd -@@ -1,5 +1,5 @@ - # useradd defaults file --GROUP=1000 -+GROUP=100 - HOME=/home - INACTIVE=-1 - EXPIRE= +Index: src/useradd.c +=================================================================== +--- src/useradd.c.orig ++++ src/useradd.c +@@ -101,7 +101,7 @@ FILE *shadow_logfd = NULL; + /* + * These defaults are used if there is no defaults file. + */ +-static gid_t def_group = 1000; ++static gid_t def_group = 100; + static const char *def_gname = "other"; + static const char *def_home = "/home"; + static const char *def_shell = "/bin/bash"; diff --git a/useradd-script.patch b/useradd-script.patch index c7289de..91bcbfe 100644 --- a/useradd-script.patch +++ b/useradd-script.patch @@ -4,10 +4,12 @@ src/useradd.c | 41 ++++++++++++++++++++++++++++++++++++++++- 3 files changed, 48 insertions(+), 1 deletion(-) ---- etc/login.defs -+++ etc/login.defs 2020-10-30 12:54:38.117849829 +0000 -@@ -242,6 +242,13 @@ CHFN_RESTRICT rwh - DEFAULT_HOME yes +Index: etc/login.defs +=================================================================== +--- etc/login.defs.orig ++++ etc/login.defs +@@ -266,6 +266,13 @@ DEFAULT_HOME yes + NONEXISTENT /nonexistent # +# If defined, this command is run when adding a user. 
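Review bot: In the refreshed useradd-default.patch only `def_group` changes to 100, while the neighbouring built-in `def_gname` stays `"other"`, so the compiled-in group id and group name can disagree. Per the changelog, upstream no longer ships a defaults file, so these built-ins apply whenever /etc/default/useradd is absent. New accounts would then share primary group 100 unless user-private groups are enabled. I would add `/* SUSE default: new users get primary gid 100 when no defaults file overrides GROUP= */` above the definition, and align `def_gname` with it if the name is ever reported before a lookup replaces it. How `def_gname` is used is not visible in this hunk.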
@@ -20,9 +22,11 @@ # If defined, this command is run when removing a user. # It should remove any at/cron/print jobs etc. owned by # the user to be removed (passed as the first argument). ---- lib/getdef.c -+++ lib/getdef.c 2020-10-30 12:54:38.117849829 +0000 -@@ -134,6 +134,7 @@ static struct itemdef def_table[] = { +Index: lib/getdef.c +=================================================================== +--- lib/getdef.c.orig ++++ lib/getdef.c +@@ -149,6 +149,7 @@ static struct itemdef def_table[] = { {"UID_MAX", NULL}, {"UID_MIN", NULL}, {"UMASK", NULL}, @@ -30,11 +34,13 @@ {"USERDEL_CMD", NULL}, {"USERDEL_PRECMD", NULL}, {"USERDEL_POSTCMD", NULL}, ---- src/useradd.c -+++ src/useradd.c 2020-10-30 13:08:17.378336989 +0000 -@@ -2238,6 +2238,44 @@ static void create_mail (void) - } +Index: src/useradd.c +=================================================================== +--- src/useradd.c.orig ++++ src/useradd.c +@@ -2398,6 +2398,44 @@ static void check_uid_range(int rflg, ui + } /* + * call_script - call a script to do some work + * @@ -77,7 +83,7 @@ * main - useradd command */ int main (int argc, char **argv) -@@ -2514,6 +2552,7 @@ int main (int argc, char **argv) +@@ -2691,6 +2729,7 @@ int main (int argc, char **argv) nscd_flush_cache ("group"); sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP); diff --git a/useradd-userkeleton.patch b/useradd-userkeleton.patch index 64be475..be82589 100644 --- a/useradd-userkeleton.patch +++ b/useradd-userkeleton.patch 
@@ -5,21 +5,11 @@ Copy also skeleton files from /usr/etc/skel (boo#1173321) src/useradd.c | 37 +++++++++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+) -Index: etc/useradd -=================================================================== ---- etc/useradd.orig -+++ etc/useradd -@@ -5,4 +5,5 @@ INACTIVE=-1 - EXPIRE= - SHELL=/bin/bash - SKEL=/etc/skel -+USRSKEL=/usr/etc/skel - CREATE_MAIL_SPOOL=yes Index: src/useradd.c =================================================================== --- src/useradd.c.orig +++ src/useradd.c -@@ -78,6 +78,9 @@ +@@ -82,6 +82,9 @@ #ifndef SKEL_DIR #define SKEL_DIR "/etc/skel" #endif @@ -29,15 +19,15 @@ Index: src/useradd.c #ifndef USER_DEFAULTS_FILE #define USER_DEFAULTS_FILE "/etc/default/useradd" #define NEW_USER_FILE "/etc/default/nuaddXXXXXX" -@@ -101,6 +104,7 @@ static const char *def_gname = "other"; +@@ -106,6 +109,7 @@ static const char *def_gname = "other"; static const char *def_home = "/home"; - static const char *def_shell = ""; + static const char *def_shell = "/bin/bash"; static const char *def_template = SKEL_DIR; +static const char *def_usrtemplate = USRSKELDIR; - static const char *def_create_mail_spool = "no"; + static const char *def_create_mail_spool = "yes"; static long def_inactive = -1; -@@ -202,6 +206,7 @@ static bool home_added = false; +@@ -208,6 +212,7 @@ static bool home_added = false; #define DINACT "INACTIVE=" #define DEXPIRE "EXPIRE=" #define DSKEL "SKEL=" @@ -45,7 +35,7 @@ Index: src/useradd.c #define DCREATE_MAIL_SPOOL "CREATE_MAIL_SPOOL=" /* local function prototypes */ -@@ -469,6 +474,29 @@ static void get_defaults (void) +@@ -481,6 +486,29 @@ static void get_defaults (void) } /* 
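Review bot: The header of useradd-userkeleton.patch still reads `2 files changed, 38 insertions(+)`, although the `@@ -5,21 +5,11 @@` hunk removes the etc/useradd section that accounted for the second file and the extra line. After this refresh only src/useradd.c is touched, so the summary should read `1 file changed, 37 insertions(+)`. It would also help to say in the description that `USRSKEL` now comes only from the compiled-in `USRSKELDIR` default unless an admin sets it in the defaults file.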
@@ -75,7 +65,7 @@ Index: src/useradd.c * Create by default user mail spool or not ? */ else if (MATCH (buf, DCREATE_MAIL_SPOOL)) { -@@ -500,6 +528,7 @@ static void show_defaults (void) +@@ -512,6 +540,7 @@ static void show_defaults (void) printf ("EXPIRE=%s\n", def_expire); printf ("SHELL=%s\n", def_shell); printf ("SKEL=%s\n", def_template); @@ -83,7 +73,7 @@ Index: src/useradd.c printf ("CREATE_MAIL_SPOOL=%s\n", def_create_mail_spool); } -@@ -526,6 +555,7 @@ static int set_defaults (void) +@@ -538,6 +567,7 @@ static int set_defaults (void) bool out_expire = false; bool out_shell = false; bool out_skel = false; @@ -91,7 +81,7 @@ Index: src/useradd.c bool out_create_mail_spool = false; size_t len; int ret = -1; -@@ -620,6 +650,9 @@ static int set_defaults (void) +@@ -632,6 +662,9 @@ static int set_defaults (void) } else if (!out_skel && MATCH (buf, DSKEL)) { fprintf (ofp, DSKEL "%s\n", def_template); out_skel = true; @@ -101,7 +91,7 @@ Index: src/useradd.c } else if (!out_create_mail_spool && MATCH (buf, DCREATE_MAIL_SPOOL)) { fprintf (ofp, -@@ -649,6 +682,8 @@ static int set_defaults (void) +@@ -661,6 +694,8 @@ static int set_defaults (void) fprintf (ofp, DSHELL "%s\n", def_shell); if (!out_skel) fprintf (ofp, DSKEL "%s\n", def_template); @@ -110,7 +100,7 @@ Index: src/useradd.c if (!out_create_mail_spool) fprintf (ofp, DCREATE_MAIL_SPOOL "%s\n", def_create_mail_spool); -@@ -2507,6 +2542,8 @@ int main (int argc, char **argv) +@@ -2679,6 +2714,8 @@ int main (int argc, char **argv) if (home_added) { copy_tree (def_template, prefix_user_home, false, false, (uid_t)-1, user_id, (gid_t)-1, user_gid); diff --git a/userdel-script.patch b/userdel-script.patch index 0421c8c..ccbebc5 100644 --- a/userdel-script.patch +++ b/userdel-script.patch 
@@ -2,7 +2,7 @@ Index: lib/getdef.c =================================================================== --- lib/getdef.c.orig +++ lib/getdef.c -@@ -127,6 +127,8 @@ static struct itemdef def_table[] = { +@@ -150,6 +150,8 @@ static struct itemdef def_table[] = { {"UID_MIN", NULL}, {"UMASK", NULL}, {"USERDEL_CMD", NULL}, @@ -15,7 +15,7 @@ Index: etc/login.defs =================================================================== --- etc/login.defs.orig +++ etc/login.defs -@@ -216,9 +216,25 @@ DEFAULT_HOME yes +@@ -270,9 +270,25 @@ NONEXISTENT /nonexistent # It should remove any at/cron/print jobs etc. owned by # the user to be removed (passed as the first argument). # @@ -45,7 +45,7 @@ Index: src/userdel.c =================================================================== --- src/userdel.c.orig +++ src/userdel.c -@@ -126,7 +126,7 @@ static void close_files (void); +@@ -131,7 +131,7 @@ static void close_files (void); static void fail_exit (int); static void open_files (void); static void update_user (void); @@ -54,7 +54,7 @@ Index: src/userdel.c #ifdef EXTRA_CHECK_HOME_DIR static bool path_prefix (const char *, const char *); -@@ -768,13 +768,13 @@ static void update_user (void) +@@ -774,13 +774,13 @@ static void update_user (void) * cron, at, or print jobs. */ @@ -70,7 +70,7 @@ Index: src/userdel.c if (NULL == cmd) { return; } -@@ -1214,9 +1214,10 @@ int main (int argc, char **argv) +@@ -1225,9 +1225,10 @@ int main (int argc, char **argv) } /* @@ -83,7 +83,7 @@ Index: src/userdel.c open_files (); update_user (); update_groups (); -@@ -1337,7 +1338,7 @@ int main (int argc, char **argv) +@@ -1348,7 +1349,7 @@ int main (int argc, char **argv) * the entry from /etc/passwd. */ if(prefix[0] == '\0') 
@@ -91,8 +91,8 @@ Index: src/userdel.c + call_script ("USERDEL_CMD", user_name); close_files (); - #ifdef WITH_TCB -@@ -1348,6 +1349,9 @@ int main (int argc, char **argv) + if (run_parts ("/etc/shadow-maint/userdel-post.d", user_name, "userdel")) { +@@ -1363,6 +1364,9 @@ int main (int argc, char **argv) nscd_flush_cache ("group"); sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);